WDS: PXE-Boot a client with CA2023 certificate and CA2011 revoked
Hi Microsoft, we try to PXE-Boot Notebooks that have SecureBoot enabled and have the CA2023 certificates. Furthermore the Clients have CA2011 Certificates revoked. Our Environment / Setup: WDS-Server: Fresh installed Windows Server 2025 (24H2) with latest cumulative Update (2026-05). WDS-Serverrole enabled. WDS configured and boot-image attached When booting a client with SecureBoot disabled, booting works. But when SecureBoot is enabled we get the shown message: When having a look at the files in the WDS Folder c:\RemoteInstall\boot\x64 I can see that there are still the EFi-Files signed with the old 2011 CA... So it is necessary to have EFI-Files (especially for WDS!) which are signed with CA 2023. I already tried to use wdsmgfw.efi and bootmgfw.efi Files from a winpe.wim from a Win 11 ADK 2025, but then I get errors like "0xc0000704". Disabling SecureBoot works, but is just a workaround. We need a fix for that Issue....
